A Blog About Exchange & Office 365

Menu

Distribution Groups – Cleanup with PowerShell

I recently had a client who wanted me to find an automated method for finding and hiding/disabling distribution groups that are essentially defunct. The project was part of a larger goal to cleanup AD and Exchange and keep it as automated as possible.

Criteria for the goal:

Any group that had not received email in 6 months is hidden.

Any group that had not received email in 12 months is disabled.

When a group is hidden or disabled, an email goes to the manger.

IT is notified when the group id disabled to determine if its OK to delete.

Run the script monthly

As with any script of this type, I wrote it in a test lab that had multiple Exchange 2010 Transport servers and over a thousand groups (due to the 1000 item limit in some scripts. In order to test this script without waiting for 12 months, I had to generate some messaging logs. See my previous article on how to do this. Once these logs were in place I could perform my testing. In order to track activity or inactivity for a group, I am using the attribute ‘CustomAttribute10’ to keep track of

Here is the script, that has been test and provided to you as-is.

The below section of code is simply an explanation of what the script is about as well as some variable definition for later use.

This part of the script stores information about groups that have had email sent to them in the past month. Information from this part of the script is stored in an array variable called $activegroups. We’ll store this information to be used later in the script.

This section compares the two sets of data that was gathered – all distribution groups ($Allgroups) with the active distribution groups ($ActiveGroups). The differences are stored in a variable called $Inactivegroups which holds information about groups that were not active this past month.

The above section is a bit complex, but what it essentially does i go through each group deemed inactive and see if it has been inactive for 6 or 12 months. If it has been inactive for 6 months (customerattribute10 = 6), then the group is hidden and an email is sent to the manager of the group through a function called ‘mail-managerhidden’. If the group has been inactive 12 months (customerattribute10 = 12), then the group is disabled and an email is sent to the IT group through a function called ’emailIT-Groupremoval’. The functions are listed below and are custom coded for this script.

function mail-managerhidden ($groupsmtpaddress) {
$manager = ((get-distributiongroup $groupsmtpaddress).managedby)
$manager | foreach {
$mgr = $_.name
$smtp4 = (get-mailbox $mgr).emailaddresses
$smtp4 | foreach {
$smtp3 = $_.smtpaddress
$smtp3
}
$smtp += @($smtp3)
}
$DLName = (get-distributiongroup $groupsmtpaddress).displayname
[string] $body = "<strong>NOTIFICATION</strong><BR><BR>As a part of regular maintanence, IT has decided to monitor the usage of Distribution # Lists.<BR><BR>This email is a notification that an Email Distribution List that you manage has been inactive for 6 months. Because of this level of inactivity, the group has been hidden from the Global Address List. Please check this list to see if it is still valid or not.<BR><BR>Please send an email to dscoles@testing.local if the list is no longer needed. Thanks for you assistance with this matter."
foreach ($line in $smtp) {
$messageParameters = @{
Subject = "Distribution List Manager Alert - Inactive Distribution List - $DLName"
Body = $body
From = "tuser01@dsl4.local"
To = $line
SmtpServer = "172.31.122.159"
}
Send-MailMessage @messageParameters –BodyAsHtml
}
}

In the above code section, the first this we need to do is get the manager list for each distribution group. Because of the way the managers are stored we need to parse each one to get the correct email address for the manager. After we get the manager, we format the message body, subject, who it goes to and who it is from. Then we send the message.

Notes
Some information needs to be changed to match your environment – SmtpServer, From, To, as well as what you want the Subject and Body of the message to contain. Also, the script uses ‘CustomAttribute10’ for tracking the activity. Feel free to change it to the attribute necessary for your environment.

Well, let’s start with some basics. What version of Exchange, what OS is Exchange on and what level is your Domain/Forest?

** This script ran perfectly in an Exchange 2013 (on Windows 2008 R2) and DCs are 2008 R2. Then I checked another test environment with Windows 2012 DCs and Exchange 2013 servers (on Windows 2012) and it also ran with out issue.

You might be able to use Get-MessageTrace to do something similar. The script you are referencing is written for an on-premises deployment and not Office 365. If I can find the time I will see if I can modify this to something similar in Office 365.

Jonathan Turwy, I am finalizing my testing now … The script will look at logs in Office 365 as well as your on premises Exchange Server. Any group that receives an email will be registered. Look for this in the next day or so as I want to put it through its paces.